Friday 6 November 2015

IP directed broadcast

An IP directed broadcast is an IP packet whose destination address is a valid broadcast address for some IP subnet but which originates from a node that is not itself part of that destination subnet.
A device that is not directly connected to its destination subnet forwards an IP directed broadcast in the same way it would forward unicast IP packets destined to a host on that subnet. When a directed broadcast packet reaches a device that is directly connected to its destination subnet, that packet is broadcast on the destination subnet. The destination address in the IP header of the packet is rewritten to the configured IP broadcast address for the subnet, and the packet is sent as a link-layer broadcast.
If directed broadcast is enabled for an interface, incoming IP packets whose addresses identify them as directed broadcasts intended for the subnet to which that interface is attached are broadcast on that subnet.
If the no ip directed-broadcast command has been configured for an interface, directed broadcasts destined for the subnet to which that interface is attached are dropped, rather than being broadcast.

Directed broadcast, as opposed to the all-ones broadcast (255.255.255.255) or a link-local broadcast, is a broadcast directed to a specific subnet only. For instance, a broadcast sent to the IP address 192.168.0.255/24 is a broadcast to that particular subnet, 192.168.0.0/24. Because it can be exploited for Smurf attacks (DoS), IP directed broadcast is disabled by default in the 12.x IOS versions.

If you're part of, say, the 10.0.0.0/24 subnet and an upstream router has the 192.168.0.0/24 subnet attached to it, you can send a directed broadcast to the address 192.168.0.255/24 and the router will relay it to the destination subnet. The packet is routed like any other packet until it reaches the destination router, which sends the broadcast out of the interface that has the destination network directly attached to it.
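
The forwarding rules described above can be modelled as a small decision function. This is an added example, not code from the original post or from any Cisco software; the interface names, the 172.16.0.0/30 transit link and the action strings are assumptions made for illustration.

```python
import ipaddress

LIMITED = ipaddress.ip_address("255.255.255.255")

def forwarding_decision(src, dst, interfaces):
    """Return the action one router takes for one packet.

    interfaces: {name: (connected subnet, directed-broadcast enabled)}
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst_ip == LIMITED:
        return "not-routed"  # all-ones broadcast stays on the local link
    for name, (cidr, enabled) in interfaces.items():
        net = ipaddress.ip_network(cidr)
        if dst_ip not in net:
            continue
        # /31 and /32 prefixes have no broadcast address
        if net.prefixlen >= 31 or dst_ip != net.broadcast_address:
            return f"unicast-deliver:{name}"
        if src_ip in net:
            return "local-broadcast"  # sender is on the subnet, so not "directed"
        return f"broadcast:{name}" if enabled else "drop"
    # Not connected: the subnet mask is unknown here, so the packet
    # is indistinguishable from unicast and is simply routed onward.
    return "unicast-forward"

# Constructed topology: interface names and the transit link are assumptions.
TRANSIT = {"Ethernet1/1": ("10.0.0.0/24", False),
           "Ethernet1/2": ("172.16.0.0/30", False)}
EDGE_ENABLED = {"Ethernet2/1": ("192.168.0.0/24", True),
                "Ethernet2/2": ("172.16.0.0/30", False)}
EDGE_DISABLED = {"Ethernet2/1": ("192.168.0.0/24", False),
                 "Ethernet2/2": ("172.16.0.0/30", False)}

if __name__ == "__main__":
    routers = [("transit", TRANSIT), ("edge, enabled", EDGE_ENABLED),
               ("edge, disabled", EDGE_DISABLED)]
    for label, router in routers:
        print(label, "->", forwarding_decision("10.0.0.5", "192.168.0.255", router))
```

Only the router with the destination subnet directly attached can recognise the packet as a broadcast, which is why the per-interface setting on that last hop decides whether it is delivered or dropped.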



This example shows how to enable forwarding of IP directed broadcasts on Ethernet interface 2/1:
switch# configure terminal
switch(config)# interface ethernet 2/1
switch(config-if)# no switchport
switch(config-if)# ip directed-broadcast
switch(config-if)#
